Quick Base Disabling TLS 1.0 and 1.1

Quick Base is focused on continually helping our customers improve their security by using the safest security protocols and aligning with industry best practices for data security and integrity.

To that end, on November 14th, 2018 at 1:00 PM Eastern US Time, Quick Base will disable the TLS 1.0 and TLS 1.1 encryption protocols on the Quick Base platform while continuing to support TLS 1.2.

What is TLS?TLS, short for Transport Layer Security, is a method for keeping your data secure online. You might also see this called SSL, which is an older term for the same type of technology. Without TLS, it’s possible for hackers or criminals to see your online activity. That’s why TLS has become the security standard online, used by online banks, email services, and– of course – Quick Base! You can tell a web site is using TLS if it has a lock icon next to the address:

TLS keeps your data safe in two ways. First, it encrypts your data so only the website you are interacting with can access it and other parties cannot.

TLS also protects you if a web page claims to be created by a certain company, but it was really built by someone else. TLS detects this and shows a red or crossed-out lock icon next to the web address

Am I using TLS 1.0 or 1.1 to access Quick Base?If you only access Quick Base applications using your browser, you most likely are NOT using TLS 1.0 or 1.1 and will hence have no problem when we disable support for them. If you want to know if your browser supports TLS 1.2, follow the instructions in the next section.

Otherwise, you can read on for more information about browser compatibility with TLS 1.2 by checking out the section below titled "What action is required if I use a browser to access Quick Base?"

If you use Quick Base APIs:If you use scripts or software programs that access Quick Base applications using APIs (Application Program Interfaces) or third-party integrations, you are possibly using TLS 1.0 or 1.1 and may have a problem when we disable them. If you’re not sure whether your apps use such scripts or programs, please open a support case by:

Clicking the ? menu > Manage Support Cases > + New Support Case.

For more information on how to evaluate your API programs, check out the next section.

What action is required if I access Quick Base via APIs or third-party integrations?If you have scripts or software programs, such as those written in Java or .NET, or scripts that use Quick Base APIs, you must ensure that the TLS implementation you are using on your side, supports TLS 1.2. If you use a third-party integration to access Quick Base, ensure that the third-party software supports TLS 1.2. If you are using Quick Base Edit, ensure that you have upgraded to the latest version that supports TLS 1.2. In all cases above, you must ensure that your implementation is configured specifically to use TLS 1.2 as the protocol with which it establishes a secure connection to Quick Base services.

If you’re not sure how to update your scripts or software programs, or you’re not sure how to access them, you need to contact your IT team, systems integrator,or webmaster.

TLS 1.2 Test Endpoint for APIsQuick Base has provided a test endpoint for your API programs/scripts at https://tls.quickbase.org. This endpoint is not intended to be a full Quick Base test environment, nor is that necessary for you to validate that your API programs/scripts support TLS 1.2.

Establishing a secure network connection between your API programs/scripts and the Quick Base platform occurs before any functional requests are made to the platform. In fact, the secure network connection is made between your API programs/scripts and Cloudflare, our DDOS protection service. Cloudflare then handles establishing the secure network connection between Cloudflare and Quick Base. Therefore, the focus of your testing efforts in this case need only be on successfully establishing the secure network connection using the TLS 1.2 protocol.

The test endpoint only supports TLS 1.2 and when successfully accessed will return a text value of “Successfully connected using TLS 1.2”. You can test your existing API programs/scripts by pointing them at this test endpoint and verifying that a successful TLS 1.2 connection has been made using your debugger or log files.

If your API programs/scripts do not support TLS 1.2, you should see an error in your debugger or log files similar to the following:

"The underlying connection was closed: An unexpected error occurred on a send."

"Authentication failed because the remote party has closed the transport stream."

What action is required if I use a browser to access Quick Base?You need to ensure that your browser supports the use of TLS 1.2. All modern browsers provide support for TLS 1.2 including all versions of Firefox and Chrome and Internet Explorer since version 7.You may have trouble accessing Quick Base if: • You are not using a supported internet browser, or • Your browser has the supported encryption protocols (TLS 1.2) disabled in the settings.

To validate your browser's compatibility with TLSv1.2, see the table below.

Below are details of compatibility configurations for computers running Microsoft Windows with the Internet Explorer or Edge browsers:

Microsoft Windows 10, Server 2016, and newerThese operating systems are already compatible with TLS 1.2: • If the browser has its default configuration, no further configuration is necessary. • Although Microsoft Internet Explorer 11 is installed, Microsoft Edge is set as the initial default web browser. • Both of these web browsers enable TLS 1.2 by default